7.8

CVE-2025-4802

Exploit
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGlibc Version >= 2.27 <= 2.38
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.425
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e
Patch
https://sourceware.org/bugzilla/show_bug.cgi?id=32976
Issue Tracking
http://www.openwall.com/lists/oss-security/2025/05/16/7
Mailing List
http://www.openwall.com/lists/oss-security/2025/05/17/2
Exploit
Mailing List
https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html